Dear Group,
I didn't participate in yesterday's call but would like to contribute a bit to the question regarding the impact of ServerAuth-only TLS certificates:
One of our customers highlighted the fact that e.g. Microsoft Exchange seems to give SMTP connections that present a client cert that is publicly trusted (aka a TLS certificate with ServerAuth+ClientAuth) a higher rating than connections without such a certificate. They are now of course anxious that their email delivery may be impacted if the ClientAuth EKU goes away.
We tried to contact Microsoft about this but unfortunately have not gotten a response yet. Maybe we could try to get a representative from Microsoft to push this further?
Kind regards
Roman
Roman Fischer
Information Security Manager
+41 76 310 12 66
SwissSign AG
Sägereistrasse 25
Postfach
CH-8152 Glattbrugg
swisssign.com
Don't miss anything: follow us on LinkedIn!
Subscribe to our newsletter or visit our blog.
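For anyone who wants to check whether the certificate their MTA presents is one of the combined ServerAuth+ClientAuth certificates discussed above, here is an added example (my own check, not part of the thread and not SwissSign or Microsoft code). It assumes only that the openssl CLI is installed; the three certificates it inspects are self-signed test certificates it generates locally, so no CA or network is involved. The function classify_eku reports which of the two EKUs a certificate carries, and has_client_auth is the single yes/no check for id-kp-clientAuth.

```shell
#!/bin/sh
# Added example: classify a certificate by its Extended Key Usage (EKU).
# Assumption: the openssl CLI (1.1.1 or newer, for -addext / -ext) is on PATH.
# The certificates below are constructed test data, not real CA-issued certs.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME EKU_LIST
# Self-signed cert for a hypothetical mail host; EKU_LIST may be empty to
# produce a certificate with no EKU extension at all.
make_cert() {
    name=$1
    eku=$2
    ext=""
    if [ -n "$eku" ]; then
        ext="-addext extendedKeyUsage=$eku"
    fi
    # shellcheck disable=SC2086  # $ext is intentionally split into two words
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -addext "subjectAltName=DNS:mail.example.test" \
        $ext \
        -keyout "$WORK/$name.key" -out "$WORK/$name.pem" >/dev/null 2>&1
}

# eku_names CERT : the EKU extension as openssl renders it (empty if absent)
eku_names() {
    openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null || true
}

# has_client_auth CERT : exit 0 if id-kp-clientAuth is present, 1 otherwise
has_client_auth() {
    eku_names "$1" | grep -q "TLS Web Client Authentication"
}

# classify_eku CERT : prints one of
#   serverAuth+clientAuth | serverAuth-only | clientAuth-only | no-EKU
classify_eku() {
    line=$(eku_names "$1")
    s=0
    c=0
    case "$line" in *"TLS Web Server Authentication"*) s=1 ;; esac
    case "$line" in *"TLS Web Client Authentication"*) c=1 ;; esac
    case "$s$c" in
        11) echo "serverAuth+clientAuth" ;;
        10) echo "serverAuth-only" ;;
        01) echo "clientAuth-only" ;;
        *)  echo "no-EKU" ;;
    esac
}

# Three constructed test certificates covering the cases in the thread.
make_cert both        "serverAuth,clientAuth"
make_cert server_only "serverAuth"
make_cert no_eku      ""

for n in both server_only no_eku; do
    printf '%-12s %s\n' "$n" "$(classify_eku "$WORK/$n.pem")"
done
```

To run the same check against a live MTA, save the leaf certificate it presents (for example from `openssl s_client -starttls smtp -connect host:25 -showcerts`) to a file and pass that file to classify_eku; a result of serverAuth-only is the case the customer in the message above is worried about.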
Dear Roman,
I would like to agree with your concern.
I support the proposal to actively engage Microsoft and obtain a clear statement
on whether, and how, the ClientAuth EKU is used in SMTP connection evaluation.
Best regards,
ONO Fumiaki / 大野 文彰
(Japanese name order: family name first, in uppercase)
SECOM Trust Systems CO., LTD.
From: 'Roman Fischer' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>
Sent: Thursday, February 12, 2026 3:35 PM
To: smcwg-...@groups.cabforum.org
Subject: [Smcwg-public] Combined ServerAuth+ClientAuth for SMTP connections